Windows Update | Error: 80072F78

Since when did Windows update become such a pain to update?

Just for a little background I’ve had this error on a number of occasions. WSUS is installed and configured within the environment, Windows updates are filtered and applied from WSUS (v3.2) running on Server 2003. The clients are configured using an update GPO. Windows firewall on the domain is turned off.

Servers are allowed outbound with no Firewall restrictions on the Cisco ASA

Clients aren’t allowed outbound with Firewall restrictions on the Cisco ASA. (They have internet access via a Proxy Server and I.E. settings are configured via GPO and a PAC file)

Error: 80072F78

After installing a new Windows Server 2008 R2 server I was greeted with this error after adding the server to the domain and performing manual windows updates. The error was displayed after clicking the “Check online for updates from Windows Update” – Although I want to apply the updates from WSUS I wanted to ensure that it was obtaining the latest updates as some may not have been approved.

I checked out some forums and found that this is a known issue with the “authroot.stl” cert installed. I downloaded a newer version and installed:

  1. Download: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  2. Extract
  3. Install (using the default settings, next, next, finish)

This didn’t work straight away until I reset all settings in I.E. 9.0 | after which the error disappeared and I could view the update options (or in my case no updates)

Although this resolved my issue it may not for all! I did find a number of different error codes and suggested fixes on my internet travels, most of these relating to proxy or connection restrictions. Microsoft have documented some debugging steps here: http://support.microsoft.com/kb/836941

Download the “Client Diagnostics Tool”

http://technet.microsoft.com/en-us/windowsserver/bb466192.aspx

netsh winhttp reset proxy

  1. wuauclt.exe /detectnow

Update: OK I thought the above would work… apparently not!

OK the secret is in this file:

C:\windows\windowsupdate.log

Delete the entire registry key HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

Which will revert the WUAgent to the original installed behavior of Automatic Updates and then set the desired behavior usign the Control Panel | Windows Update dialog.

Reference: 

https://www.trustwave.com/support/kb/KnowledgebaseArticle10726.aspx

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.